Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-18459

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.01265EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-18460

Malicious code in bioql PyPI...

9.8CVSS6.6AI score0.00695EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/06/16 10:23 p.m.6 views

CVE-2025-32798

The conda-build contains commands and tools to build conda packages. The conda-build recipe processing logic was found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embedded selectors in meta.yam...

9.8CVSS7.3AI score0.00695EPSS
Exploits1References2
NVD
NVD
added 2025/06/16 9:15 p.m.14 views

CVE-2025-32799

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

9.8CVSS0.01265EPSS
Exploits1References4
CVE
CVE
added 2025/06/16 8:38 p.m.34 views

CVE-2025-32800

CVE-2025-32800 affects the Conda-build tool. Before version 25.3.0, its pyproject.toml lists the dependency conda-index , which is not published in PyPI. An attacker could claim the namespace and upload arbitrary/malicious code, enabling exploitation during a pip install when resolving dependenci...

9.8CVSS7.5AI score0.00545EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/06/16 8:38 p.m.22 views

CVE-2025-32800 Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencies not present in PyPI

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...

9.2CVSS0.00545EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/06/16 8:23 p.m.16 views

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

6.1CVSS0.01265EPSS
Exploits1References4
OSV
OSV
added 2025/06/16 8:23 p.m.6 views

CVE-2025-32799 Conda-build Vulnerable to Path Traversal via Malicious Tar File

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal Tarslip attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal...

6.1CVSS7.9AI score0.01265EPSS
Exploits1References6
CVE
CVE
added 2025/06/16 8:10 p.m.52 views

CVE-2025-32798

Conda-build (prior to 25.4.0) is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors, currently using eval to process embedded selectors in meta.yaml files. This un sanitised input allows execution of malicious code during the build process, compromising the build ...

9.8CVSS8.1AI score0.00695EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/06/16 6:46 p.m.7 views

CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...

6CVSS7.9AI score0.00143EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.7 views

PT-2025-25585 · Unknown · Conda-Build

Name of the Vulnerable Software and Affected Versions: conda-build versions prior to 25.4.0 Description: The conda-build recipe processing logic is vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. This is because conda-build uses the eval function to process...

9.8CVSS7.4AI score0.00695EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.7 views

PT-2025-25580

Name of the Vulnerable Software and Affected Versions conda-build versions prior to 25.3.1 Description The issue in conda-build allows attackers with filesystem access to exploit a race condition and overwrite a temporary build script, potentially leading to arbitrary code execution under the...

7CVSS7.4AI score0.00143EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.5 views

PT-2025-25588 · Python +1 · Pip +2

Name of the Vulnerable Software and Affected Versions: Conda-build versions prior to 25.3.0 Description: The issue concerns a dependency injection vulnerability. Conda-build lists conda-index as a Python dependency in its pyproject.toml file. Since conda-index is not published in PyPI, an attacke...

9.8CVSS6.8AI score0.00545EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2025/06/16 12:0 a.m.5 views

PT-2025-25587 · Unknown · Conda-Build

Name of the Vulnerable Software and Affected Versions: Conda-build versions prior to 25.4.0 Description: The issue is related to path traversal attacks due to improper sanitization of tar entry paths in the conda-build processing logic. This could allow attackers to craft tar archives that write...

9.8CVSS7AI score0.01265EPSS
Exploits1References9
Rows per page
Query Builder